2

I was trying to use Android Password expiration feature using DeviceAdmin. When I call setPasswordExpirationTimeout() API , it only sends a notification and doesn't actually force the user to change the password. It only sends a notification after timeout:

V/DevicePolicyManagerService( 662): Sending password expiration notifications for action com.android.server.ACTION_EXPIRED_PASSWORD_NOTIFICATION

You have to get the callback in DeviceAdminReceiver in onPasswordExpired() to force user to change password.

Any specific reason it's been implemented this way (or is it just to give flexibility to the programmer)?

The only option I could see is starting activity with intent ACTION_SET_NEW_PASSWORD in the callback in DeviceAdminReceiver which the user can overrule by simply pressing 'Cancel' button.

How to 100% enforce the to change password ?

BartoszKP
  • 34,786
  • 15
  • 102
  • 130
Dinesh Garg
  • 21
  • 3

1 Answers1

1

Have you tried looking at the DeviceAdminSample (source code)? The Android SDK comes with all the samples so you can easily add the ApiDemos as an Eclipse project and run it in the simulator.

I originally thought you could call the resetPassword method in the DevicePolicyManager, but you would need the user to have given you their new password to do that, which I assume you don't want to do!

Dan J
  • 25,433
  • 17
  • 100
  • 173
  • found something relevant over here: https://github.com/sindhureddy2903/Android-Security-Alert-Application/blob/77c8a19a95c6e2607b1338b612df3a16b628f148/androidsecurity/androidsecurity/app/src/main/java/edu/ucdenver/androidsecurity/DevicePolicyAdmin.java – StefanS Jun 24 '19 at 14:37